Microsoft Azure Overview

Azure Overview

Introduction

This page provides a basic overview of the Microsoft Azure public cloud platform and some specifics of the Azure relationship with the University of Washington.

What is Azure?

Azure is a comprehensive set of cloud services that developers and IT professionals use to build, deploy, and manage applications through our global network of datacenters. Integrated tools, DevOps, and a marketplace support you in efficiently building anything from simple mobile apps to internet-scale solutions

Azure is productive for developers

Get your apps to market faster. Azure integrated tools, from mobile DevOps to serverless computing support your productivity. Build the way you want to, using the tools and open source technologies you already know. Azure supports a range of operating systems, programming languages, frameworks, databases, and devices.

Continuously innovate and deliver high-quality apps.

Provide cross-device experiences with support for all major mobile platforms.

Run any stack, Linux-based or Windows-based, and use advanced capabilities such as Kubernetes cluster in Azure Container Service.

Azure is the only consistent hybrid cloud

Azure is the only consistent hybrid cloud
Build and deploy wherever you want with Azure, the only consistent hybrid cloud on the market. Connect data and apps in the cloud and on-premise for maximum portability and value from your existing investments. Azure offers hybrid consistency in application development, management and security, identity management, and across the data platform.

Azure is the cloud for building intelligent apps

Use Azure to create data-driven, intelligent apps. From image recognition to bot services, take advantage of Azure data services and artificial intelligence to create new experience that scale and support deep learning, HPC simulations, and real-time analytics on any shape and size of data.

Develop breakthrough apps with built-in AI.

Build and deploy custom AI models at scale, on any data.

Combine the best of Microsoft and open source data and AI innovations.

Learn More

Business Associates Agreement Summary

Microsoft includes a HIPAA BAA in our Online Service Terms. This is by default for all commercial customers. The current HIPAA BBA is located here.

HIPAA and the HITECH Act

The Health Insurance Portability and Accountability Act (HIPAA) is a US healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities doctors offices, hospitals, health insurers, and other healthcare companies with access to patients protected health information (PHI), as well as to business associates, such as cloud service and IT providers, that process PHI on their behalf. (Most covered entities do not carry out functions such as claims or data processing on their own; they rely on business associates to do so.)

The law regulates the use and dissemination of PHI in four general areas:

Privacy, which covers patient confidentiality.

Security, which deals with the protection of information, including physical, technological, and administrative safeguards.

Identifiers, which are the types of information that cannot be released if collected for research purposes.

Codes for electronic transmission of data in healthcare-related transactions, including eligibility and insurance claims and payments.

The scope of HIPAA was extended with the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Together, HIPAA and HITECH Act rules include:

The HIPAA Privacy Rule, which focuses on the right of individuals to control the use of their personal information, and covers the confidentiality of PHI, limiting its use and disclosure.

The HIPAA Security Rule, which sets the standards for administrative, technical, and physical safeguards to protect electronic PHI from unauthorized access, use, and disclosure. It also includes such organizational requirements as Business Associate Agreements (BAAs).

The HITECH Breach Notification Final Rule, which requires giving notice to individuals and the government when a breach of unsecured PHI occurs.

HIPAA regulations require that covered entities and their business associates in this case, Microsoft when it provides services, including cloud services, to covered entities enter into contracts to ensure that those business associates will adequately protect PHI. These contracts, or BAAs, clarify and limit how the business associate can handle PHI, and set forth each party’s adherence to the security and privacy provisions set forth in HIPAA and the HITECH Act. Once a BAA is in place, Microsoft customers’ covered entities can use its services to process and store PHI.

Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.

Microsoft enterprise cloud services are also covered by FedRAMP assessments. Microsoft Azure and Microsoft Azure Government received a Provisional Authority to Operate from the FedRAMP Joint Authorization Board; Microsoft Dynamics 365 U.S. Government received an Agency Authority to Operate from the US Department of Housing and Urban Development, as did Microsoft Office 365 U.S. Government from the US Department of Health and Human Services.